CVE-2020-36912

Plexus · Plexus anblick Digital Signage Management Multiple Products

Executive summary

A critical open redirect vulnerability, identified as CVE-2020-36912, exists in Plexus anblick Digital Signage Management software. This flaw allows attackers to create malicious links that appear legitimate but redirect users to harmful websites, primarily to conduct phishing attacks for stealing credentials or distributing malware. Due to the high severity (CVSS 9.8) and ease of exploitation, this vulnerability poses a significant risk to organizational security and user trust.

Vulnerability

The vulnerability is an open redirect located in the 'PantallaLogin' script. The script improperly validates the 'pagina' GET parameter, which is intended to direct users to a specific page after login. An attacker can exploit this by crafting a URL where the 'pagina' parameter points to an external, malicious website. When a user clicks this link, they are taken to the legitimate Plexus login page, and upon interacting with it, are automatically redirected to the attacker-controlled site, which can be used for phishing or malware delivery.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation can have a severe business impact by enabling highly effective phishing campaigns against employees and users. Attackers can leverage the trust users have in the legitimate domain to steal login credentials, personal information, or financial data. This can lead to unauthorized access to corporate systems, data breaches, financial loss, and significant reputational damage. The ease of exploitation elevates the risk of targeted attacks against the organization.

Remediation

Immediate Action: Apply the security patches provided by the vendor. Update Plexus anblick Digital Signage Management Multiple Products to the latest version to mitigate this vulnerability. After updating, closely monitor for signs of exploitation attempts by reviewing web server and application access logs.

Proactive Monitoring:

  • Review historical and current web server logs for requests to the 'PantallaLogin' script containing external URLs in the 'pagina' parameter.
  • Monitor for unusual outbound redirect patterns from the application server.
  • Set up a reporting channel and alerting for users who receive suspicious emails containing links to the Digital Signage Management portal.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

  • Deploy a Web Application Firewall (WAF) with a rule to inspect the 'pagina' parameter and block any requests that contain external or non-whitelisted domain names.
  • Implement strict egress filtering on the web server to prevent it from redirecting users to untrusted external websites.
  • Conduct user awareness training to educate employees on identifying and reporting phishing attempts.
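The following added example (not Plexus code) shows the two defender-side checks described above in one place: a validator that accepts only same-site relative paths as a 'pagina' destination, which is the allowlist logic a patched script or a WAF rule would apply, and a sweep over access-log lines that flags requests to the 'PantallaLogin' script whose 'pagina' value fails that check. The script path with a .php extension, the log format and the log lines are constructed assumptions.

```python
# Added example, not part of the advisory or the vendor's code. The script
# path '/PantallaLogin.php', the Apache-style log layout and the sample
# lines below are constructed; only 'PantallaLogin' and 'pagina' come from
# the advisory text.
import re
from urllib.parse import parse_qs, unquote, urlsplit


def is_safe_redirect(pagina: str) -> bool:
    """Accept only a same-site relative path as a post-login destination."""
    target = unquote(pagina).strip()
    # Reject absolute URLs, protocol-relative '//host' and the '/\host'
    # form that browsers normalise to '//host'.
    if not target.startswith("/") or target.startswith(("//", "/\\")):
        return False
    # Reject embedded whitespace/control characters that some parsers strip.
    if any(c.isspace() or ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


# Constructed Apache combined-style access-log layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def find_suspicious_requests(log_lines):
    """Return (ip, timestamp, pagina) for PantallaLogin hits with an
    external or otherwise unsafe 'pagina' value."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("url"))
        if "PantallaLogin" not in url.path:
            continue
        # parse_qs already percent-decodes the value once.
        for pagina in parse_qs(url.query).get("pagina", []):
            if not is_safe_redirect(pagina):
                hits.append((m.group("ip"), m.group("ts"), pagina))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /PantallaLogin.php?pagina=https://evil.example/login HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /PantallaLogin.php?pagina=%2F%2Fevil.example HTTP/1.1" 302 0',
    '192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "GET /PantallaLogin.php?pagina=/Dashboard HTTP/1.1" 200 512',
    '192.0.2.9 - - [10/Oct/2023:13:58:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, ts, pagina in find_suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} unsafe pagina={pagina!r}")
```

The same `is_safe_redirect` predicate can be used server-side before issuing the redirect; a WAF rule that only passes values starting with a single `/` and containing no scheme or host implements the equivalent allowlist.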

Exploitation status

Public Exploit Available: true

Analyst recommendation

Given the critical CVSS score of 9.8 and the public availability of exploit methods, this vulnerability requires immediate attention. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patch across all affected systems without delay. If patching is not immediately possible, the implementation of compensating controls, such as WAF rules, is critical to reduce the risk of credential theft and subsequent system compromise.